如何在Debian或Ubuntu Linux下安装SNMP服务器以配置各种监视服务？

SNMP(简单网络管理协议)是用于网络管理的协议。
NET-SNMP项目提供各种SNMP工具：可扩展代理，SNMP库，用于从SNMP代理请求或设置信息的工具，用于生成和处理SNMP陷阱的工具，使用SNMP的netstat命令版本以及Tk/Perl mib浏览器。 snmpd软件包包含snmpd和snmptrapd守护程序，文档等。

安装snmpd

# apt-get update && apt-get install snmpd

Snmpd配置文件

Snmpd配置文件;/etc/snmp/snmpd.conf。
可以通过编辑/etc/default/snmpd来单独控制snmpd和snmpdtrap是否运行。

配置SNMPD

# vi /etc/snmp/snmpd.conf

配置参考：

smuxsocket 127.0.0.1
rocommunity setMeHere
com2sec local     localhost           public
group MyRWGroup v1         local
group MyRWGroup v2c        local
group MyRWGroup usm        local
view all    included  .1                               80
access MyRWGroup ""      any       noauth    exact  all    all    none

com2sec notConfigUser  default       mrtg
group   notConfigGroup v1           notConfigUser
group   notConfigGroup v2c           notConfigUser
view    systemview    included   .1.3.6.1.2.1.1
view    systemview    included   .1.3.6.1.2.1.25.1.1
view    systemview    included  .1                               80
access  notConfigGroup ""      any       noauth    exact  systemview none none

syslocation Mumbai, IN (VSNL LB3)
syscontact Hyman Gite <[email protected]>

编辑/etc/default/snmpd：

# /etc/default/snmpd

更新如下：

# This file controls the activity of snmpd and snmptrapd
 
# MIB directories.  /usr/share/snmp/mibs is the default, but
# including it here avoids some strange problems.
export MIBDIRS=/usr/share/snmp/mibs
 
# snmpd control (yes means start daemon).
SNMPDRUN=yes
 
# snmpd options (use syslog, close stdin/out/err).
# replace 204.x.y.z with your public IP 
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1 204.x.y.z'
 
# snmptrapd control (yes means start daemon).  As of net-snmp version
# 5.0, master agentx support must be enabled in snmpd before snmptrapd
# can be run.  See snmpd.conf(5) for how to do this.
TRAPDRUN=no
 
# snmptrapd options (use syslog).
TRAPDOPTS='-Lsd -p /var/run/snmptrapd.pid'
 
# create symlink on Debian legacy location to official RFC path
SNMPDCOMPAT=yes

重启Snmpd服务

在Linux中如何重启Snmpd服务：

# /etc/init.d/snmpd restart

Snmp防火墙配置

Snmpd的端口号是161

防火墙配置文件示例：

#!/bin/sh
 
# set shell vars
PUB_IF="eth0"
SNMPD_CLIENT="85.x.y.z"
SNMPD_SERVER="203.a.b.c"
 
IPT="/sbin/iptables"
LO_IF="lo0"
 
# DROP and close everything all incoming traffic
$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP
 
# Allow Full Outgoing connection but no incoming stuff by default
$IPT -A INPUT -i ${PUB_IF} -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -o ${PUB_IF} -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
 
# Unlimited lo access
$IPT -A INPUT -i ${LO_IF} -j ACCEPT
$IPT -A OUTPUT -o ${LO_IF} -j ACCEPT
 
 
### Open port 161 ###
$IPT -A INPUT -i ${PUB_IF} -s ${SNMPD_CLIENT} -d ${SNMPD_SERVER} -p udp --dport 161 -j ACCEPT
 
### rest of iptables goes here ###

测试snmp

在本地系统中，执行以下snmpwalk命令：

# snmpwalk -v 1 -c mrtg 204.x.y.z IP-MIB::ipAdEntIfIndex

输出示例：

IP-MIB::ipAdEntIfIndex.10.20.110.2 = INTEGER: 2
IP-MIB::ipAdEntIfIndex.127.0.0.1 = INTEGER: 1
IP-MIB::ipAdEntIfIndex.204.xx.yy.zz = INTEGER: 3